From

Thank you

Sorry

Two months ago, in a concerted effort, multiple ACLU affiliates filed a total of 381 Freedom of Information Act (FoIA) requests in 32 states, asking local law enforcement agencies to disclose how they are using mobile phone location data.

The FoIA request in North Carolina struck gold: a copy of an official Department of Justice flyer (PDF), dated August 2010 that explains exactly what data is retained by Verizon Wireless, T-Mobile, AT&T, Sprint, and Sprint division Nextel. There's an enhanced copy on the ACLU website.

The eye-openers:

All of the mobile phone companies keep details about the location of cell towers used by every phone, for a year or longer.

All of the mobile phone companies keep records about voice calls and text messages received and sent for a year or longer. Verizon stores the contents of every text message for three to five days. (The others don't keep the text.)

IP session information -- tying your phone to an IP address -- is kept for a year by Verizon and 60 days on Sprint and Nextel.

IP destination information -- which IP addresses you connected to -- is stored for 90 days at Verizon and 60 days on Sprint and Nextel.

The ACLU is gathering information on what steps local police have to go through in order to acquire that stored data: warrants, formal requests, emergencies, possibly even informal procedures. They're also trying to figure out how law enforcement agencies share the data and how long it's retained. There doesn't appear to be any sort of uniform nationwide policy or widespread judicial precedent.

The ACLU is also looking at law enforcement requests to "identify all of the cell phones at a particular location" and "systems whereby law enforcement agents are notified whenever a cell phone comes within a specific geographic area."

We've all been concerned about privacy and location data being leaked sporadically on iOS, Android, and Windows Phone devices. Seems that we've been looking at very, very small potatoes.